[netmod] Re: comments on system-config-08 draft

"maqiufang (A)" <maqiufang1@huawei.com> Wed, 21 August 2024 08:05 UTC

Return-Path: <maqiufang1@huawei.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3945DC14F705 for <netmod@ietfa.amsl.com>; Wed, 21 Aug 2024 01:05:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.209
X-Spam-Level:
X-Spam-Status: No, score=-4.209 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NzNHEUTOIL1m for <netmod@ietfa.amsl.com>; Wed, 21 Aug 2024 01:05:08 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67DECC14F6EC for <netmod@ietf.org>; Wed, 21 Aug 2024 01:05:08 -0700 (PDT)
Received: from mail.maildlp.com (unknown [172.18.186.216]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4Wpf1h09ZRz6D92H for <netmod@ietf.org>; Wed, 21 Aug 2024 16:02:00 +0800 (CST)
Received: from lhrpeml100002.china.huawei.com (unknown [7.191.160.241]) by mail.maildlp.com (Postfix) with ESMTPS id 9EF4C140B18 for <netmod@ietf.org>; Wed, 21 Aug 2024 16:05:05 +0800 (CST)
Received: from kwepemm000019.china.huawei.com (7.193.23.135) by lhrpeml100002.china.huawei.com (7.191.160.241) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.39; Wed, 21 Aug 2024 09:05:04 +0100
Received: from kwepemm600017.china.huawei.com (7.193.23.234) by kwepemm000019.china.huawei.com (7.193.23.135) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.39; Wed, 21 Aug 2024 16:05:03 +0800
Received: from kwepemm600017.china.huawei.com ([7.193.23.234]) by kwepemm600017.china.huawei.com ([7.193.23.234]) with mapi id 15.01.2507.039; Wed, 21 Aug 2024 16:05:03 +0800
From: "maqiufang (A)" <maqiufang1@huawei.com>
To: Andy Bierman <andy@yumaworks.com>, "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [netmod] comments on system-config-08 draft
Thread-Index: AQHa8yC3IgupZ9QC9kiNDi59MtYiTLIxDIlQ
Date: Wed, 21 Aug 2024 08:05:02 +0000
Message-ID: <bf769710572f4b3884d58d128cf58305@huawei.com>
References: <CABCOCHScHJENof+1obOgXUDZZMhhPhs9rvKHw4W0RRfF0R1_Hw@mail.gmail.com>
In-Reply-To: <CABCOCHScHJENof+1obOgXUDZZMhhPhs9rvKHw4W0RRfF0R1_Hw@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.136.118.147]
Content-Type: multipart/alternative; boundary="_000_bf769710572f4b3884d58d128cf58305huaweicom_"
MIME-Version: 1.0
Message-ID-Hash: PAI2RL5B3AR77VSVHCEKW3CT6Y5QM27K
X-Message-ID-Hash: PAI2RL5B3AR77VSVHCEKW3CT6Y5QM27K
X-MailFrom: maqiufang1@huawei.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-netmod.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [netmod] Re: comments on system-config-08 draft
List-Id: NETMOD WG list <netmod.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/x_udWxEZ18TMJp1SoM5i8CaDeSE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Owner: <mailto:netmod-owner@ietf.org>
List-Post: <mailto:netmod@ietf.org>
List-Subscribe: <mailto:netmod-join@ietf.org>
List-Unsubscribe: <mailto:netmod-leave@ietf.org>

Hi, Andy,

Thanks for the comments, please see reply inline…

From: Andy Bierman [mailto:andy@yumaworks.com]
Sent: Wednesday, August 21, 2024 12:34 AM
To: NetMod WG <netmod@ietf.org>
Subject: [netmod] comments on system-config-08 draft

Hi,

I do not think this draft is ready.

1) Behavior changes to conventional datastores

There seem to be NBC changes being made to the
behavior of the conventional non-NMDA datastores, particularly <running>.

I disagree that it is a problem that <running> contains some system configuration
mixed in with the client configuration.  The only problem is that the data is not
editable by clients.  The "immutable" flag draft provides clients
with enough information to avoid 'access-denied' errors when editing system config.
Changing the behavior of <running> seems to break old non-NMDA clients
that expect the combined config.
There are various implementations about system configuration, and some do put system configuration into <running>, but the vision has always been to give the client full control over <running>, right? System configuration comes and goes, which is beyond the control of operators, while I think <running> should be controlled with more predictability.

2) NBC Changes to XPath

Changing the XPath evaluation procedures is an NBC change.
In this case, also quite complicated to implement XPath across
multiple datastores.

System config could be visible in <running> using the immutable flag.
Leafrefs and XPath are allowed to point at config=true in the same data tree.
This does not require any changes to XPath processing.

Referencing a special read-only datastore is no different than simply
allowing the XPath to reference config=false.  It is the same NBC change.
I am confused by this comment, as no one has ever proposed to change the XPath evaluation procedures.
If the intention is to make <running> alone valid, the proposed approach is to either copy the referenced system nodes into <running> or use the “resolve-system” parameter to allow the server do the copy thing.
If <running> alone doesn’t have to be valid and only <intended> is subject to validation, then simply merge <running> with <system> to be referentially complete for <intended>.
Neither case has proposed a direct cross-datastore reference.
3) resolve-system

I am confused why a client would not resolve the system, since
the <running> datastore needs these nodes so the client nodes can exist.
Of course the client can resolve the reference and explicitly copy the missing parts from <system> into <running> (see sec 5.2), “resolve-system” is just an alternative for the clients that don’t wish a manual copy. It is optional to implement and clients *may* use.


Andy
Best Regards,
Qiufang